2007-03-29 18:10:14 +02:00
|
|
|
|
<?php
|
|
|
|
|
/*******************************************************************************
|
|
|
|
|
* Copyright (C) 2007 Easter-eggs
|
|
|
|
|
* http://ldapsaisie.labs.libre-entreprise.org
|
|
|
|
|
*
|
|
|
|
|
* Author: See AUTHORS file in top-level directory.
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License version 2
|
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
|
|
|
|
|
/**
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Gestion de l'accès à l'annaire Ldap
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Cette classe gère l'accès à l'annuaire ldap en s'appuyant sur PEAR :: Net_LDAP2
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*/
|
|
|
|
|
class LSldap {
|
|
|
|
|
|
|
|
|
|
var $config;
|
|
|
|
|
var $cnx = NULL;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Constructeur
|
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Cette methode définis la configuration de l'accès à l'annuaire
|
|
|
|
|
* et établie la connexion.
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2008-04-25 15:48:12 +02:00
|
|
|
|
* @param[in] $config array Tableau de configuration au formar Net_LDAP2
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
|
|
|
|
* @retval void
|
|
|
|
|
*
|
2008-04-25 15:48:12 +02:00
|
|
|
|
* @see Net_LDAP2::connect()
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*/
|
|
|
|
|
function LSldap ($config) {
|
|
|
|
|
$this -> config = $config;
|
|
|
|
|
$this -> connect();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Connection
|
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Cette methode établie la connexion à l'annuaire Ldap
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @retval boolean true si la connection est établie, false sinon
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*/
|
|
|
|
|
function connect() {
|
2008-04-25 15:48:12 +02:00
|
|
|
|
$this -> cnx = Net_LDAP2::connect($this -> config);
|
|
|
|
|
if (Net_LDAP2::isError($this -> cnx)) {
|
2007-03-29 18:10:14 +02:00
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(1,$this -> cnx -> getMessage());
|
|
|
|
|
$this -> cnx = NULL;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Déconnection
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Cette methode clos la connexion à l'annuaire Ldap
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
|
|
|
|
* @retval void
|
|
|
|
|
*/
|
|
|
|
|
function close() {
|
|
|
|
|
$this -> cnx -> done();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Recherche dans l'annuaire
|
|
|
|
|
*
|
|
|
|
|
* Cette methode effectue une recherche dans l'annuaire et retourne le resultat
|
|
|
|
|
* de celle-ci sous la forme d'un tableau.
|
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
|
|
|
|
* @param[in] $filter [<b>required</b>] string Filtre de recherche Ldap
|
|
|
|
|
* @param[in] $basedn string DN de base pour la recherche
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @param[in] $params array Paramètres de recherche au format Net_LDAP2::search()
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
2008-04-25 15:48:12 +02:00
|
|
|
|
* @see Net_LDAP2::search()
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
|
|
|
|
* @retval array Retourne un tableau associatif contenant :
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* - ['dn'] : le DN de l'entré
|
|
|
|
|
* - ['attrs'] : tableau associatif contenant les attributs (clé)
|
2007-03-29 18:10:14 +02:00
|
|
|
|
* et leur valeur (valeur).
|
|
|
|
|
*/
|
2007-11-15 19:07:24 +01:00
|
|
|
|
function search ($filter,$basedn=NULL,$params = array()) {
|
2007-03-29 18:10:14 +02:00
|
|
|
|
$ret = $this -> cnx -> search($basedn,$filter,$params);
|
2008-04-25 15:48:12 +02:00
|
|
|
|
if (Net_LDAP2::isError($ret)) {
|
2007-03-29 18:10:14 +02:00
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(2,$ret -> getMessage());
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
$retInfos=array();
|
|
|
|
|
foreach($ret -> entries() as $entry) {
|
|
|
|
|
$retInfos[]=array('dn' => $entry -> dn(), 'attrs' => $entry -> getValues());
|
|
|
|
|
}
|
|
|
|
|
return $retInfos;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Compte le nombre de retour d'une recherche dans l'annuaire
|
|
|
|
|
*
|
|
|
|
|
* Cette methode effectue une recherche dans l'annuaire et retourne le nombre
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* d'entrés trouvées.
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
|
|
|
|
* @param[in] $filter [<b>required</b>] string Filtre de recherche Ldap
|
|
|
|
|
* @param[in] $basedn string DN de base pour la recherche
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @param[in] $params array Paramètres de recherche au format Net_LDAP2::search()
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
2008-04-25 15:48:12 +02:00
|
|
|
|
* @see Net_LDAP2::search()
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @retval numeric Le nombre d'entré trouvées
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*/
|
|
|
|
|
function getNumberResult ($filter,$basedn=NULL,$params = array() ) {
|
|
|
|
|
if (empty($filter))
|
|
|
|
|
$filter=NULL;
|
|
|
|
|
$ret = $this -> cnx -> search($basedn,$filter,$params);
|
2008-04-25 15:48:12 +02:00
|
|
|
|
if (Net_LDAP2::isError($ret)) {
|
2007-03-29 18:10:14 +02:00
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(2,$ret -> getMessage());
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
return $ret -> count();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Charge les valeurs des attributs d'une entré de l'annuaire
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Cette methode recupère les valeurs des attributs d'une entrée de l'annaire
|
2007-03-29 18:10:14 +02:00
|
|
|
|
* et les retournes sous la forme d'un tableau.
|
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @param[in] $dn string DN de l'entré Ldap
|
2007-03-29 18:10:14 +02:00
|
|
|
|
*
|
|
|
|
|
* @retval array Tableau associatif des valeurs des attributs avec en clef, le nom de l'attribut.
|
|
|
|
|
*/
|
|
|
|
|
function getAttrs($dn) {
|
|
|
|
|
$infos = ldap_explode_dn($dn,0);
|
|
|
|
|
if((!$infos)||($infos['count']==0))
|
|
|
|
|
return;
|
|
|
|
|
$basedn='';
|
|
|
|
|
for ($i=1;$i<$infos['count'];$i++) {
|
|
|
|
|
$sep=($basedn=='')?'':',';
|
|
|
|
|
$basedn.=$sep.$infos[$i];
|
|
|
|
|
}
|
|
|
|
|
$return=$this -> search($infos[0],$basedn);
|
|
|
|
|
return $return[0]['attrs'];
|
|
|
|
|
}
|
2007-11-15 19:07:24 +01:00
|
|
|
|
|
|
|
|
|
/**
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Retourne une entrée existante ou nouvelle
|
2007-11-15 19:07:24 +01:00
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
|
|
|
|
* @param[in] $object_type string Type de l'objet Ldap
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @param[in] $dn string DN de l'entré Ldap
|
2007-11-15 19:07:24 +01:00
|
|
|
|
*
|
2008-05-05 16:39:41 +02:00
|
|
|
|
* @retval ldapentry|array Un objet ldapentry (PEAR::Net_LDAP2)
|
2008-05-15 12:01:59 +02:00
|
|
|
|
* ou un tableau (si c'est une nouvelle entr<EFBFBD>e):
|
|
|
|
|
* Array (
|
|
|
|
|
* 'entry' => ldapentry,
|
|
|
|
|
* 'new' => true
|
|
|
|
|
* )
|
2007-11-15 19:07:24 +01:00
|
|
|
|
*/
|
|
|
|
|
function getEntry($object_type,$dn) {
|
|
|
|
|
if(isset($GLOBALS['LSobjects'][$object_type])){
|
|
|
|
|
$obj_conf=$GLOBALS['LSobjects'][$object_type];
|
|
|
|
|
$entry = $this -> cnx -> getEntry($dn);
|
2008-04-25 15:48:12 +02:00
|
|
|
|
if (Net_LDAP2::isError($entry)) {
|
2008-05-05 16:39:41 +02:00
|
|
|
|
//$newentry = new Net_LDAP2_Entry(&$this -> cnx);
|
|
|
|
|
//$newentry -> dn($dn);
|
2008-05-15 12:01:59 +02:00
|
|
|
|
//$newentry -> add(array('objectclass' => $obj_conf['objectclass']));
|
2008-05-05 16:39:41 +02:00
|
|
|
|
//foreach($obj_conf['attrs'] as $attr_name => $attr_conf) {
|
|
|
|
|
// $newentry->add(array($attr_name => $attr_conf['default_value']));
|
|
|
|
|
//}
|
2008-05-15 12:01:59 +02:00
|
|
|
|
$attributes = array(
|
|
|
|
|
'objectclass' => $obj_conf['objectclass']
|
|
|
|
|
);
|
|
|
|
|
foreach($obj_conf['attrs'] as $attr_name => $attr_conf) {
|
|
|
|
|
if( isset($attr_conf['default_value']) ) {
|
|
|
|
|
$attributes[$attr_name]=$attr_conf['default_value'];
|
|
|
|
|
}
|
2007-11-15 19:07:24 +01:00
|
|
|
|
}
|
2008-05-05 16:39:41 +02:00
|
|
|
|
$newentry = Net_LDAP2_Entry::createFresh($dn,$attributes);
|
|
|
|
|
|
|
|
|
|
return array('entry' => $newentry,'new' => true);
|
2007-11-15 19:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return $entry;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(3);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Met à jour une entrée dans l'annuaire
|
2008-02-26 18:40:05 +01:00
|
|
|
|
*
|
|
|
|
|
* Remarque : Supprime les valeurs vides de attributs et les attributs sans valeur.
|
2007-11-15 19:07:24 +01:00
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
|
|
|
|
* @param[in] $object_type string Type de l'objet Ldap
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @param[in] $dn string DN de l'entré Ldap
|
|
|
|
|
* @param[in] $change array Tableau des modifications à apporter
|
2007-11-15 19:07:24 +01:00
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @retval boolean true si l'objet a bien été mis à jour, false sinon
|
2007-11-15 19:07:24 +01:00
|
|
|
|
*/
|
|
|
|
|
function update($object_type,$dn,$change) {
|
2008-02-12 18:59:44 +01:00
|
|
|
|
debug($change);
|
2008-02-26 18:40:05 +01:00
|
|
|
|
$dropAttr=array();
|
2008-05-15 12:01:59 +02:00
|
|
|
|
$entry=$this -> getEntry($object_type,$dn);
|
|
|
|
|
if (is_array($entry)) {
|
|
|
|
|
$new = $entry['new'];
|
|
|
|
|
$entry = $entry['entry'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$new = false;
|
|
|
|
|
}
|
2008-05-05 16:39:41 +02:00
|
|
|
|
|
|
|
|
|
if($entry) {
|
2008-02-26 18:40:05 +01:00
|
|
|
|
foreach($change as $attrName => $attrVal) {
|
|
|
|
|
$drop = true;
|
|
|
|
|
if (is_array($attrVal)) {
|
|
|
|
|
foreach($attrVal as $val) {
|
|
|
|
|
if (!empty($val)) {
|
|
|
|
|
$drop = false;
|
|
|
|
|
$changeData[$attrName][]=$val;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-04-25 15:48:12 +02:00
|
|
|
|
else {
|
|
|
|
|
if (!empty($attrVal)) {
|
|
|
|
|
$drop = false;
|
|
|
|
|
$changeData[$attrName][]=$attrVal;
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-02-26 18:40:05 +01:00
|
|
|
|
if($drop) {
|
|
|
|
|
$dropAttr[] = $attrName;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$entry -> replace($changeData);
|
2008-05-05 16:39:41 +02:00
|
|
|
|
debug('change : <pre>'.print_r($changeData,true).'</pre>');
|
|
|
|
|
debug('drop : <pre>'.print_r($dropAttr,true).'</pre>');
|
2008-04-25 15:48:12 +02:00
|
|
|
|
|
2008-05-15 12:01:59 +02:00
|
|
|
|
if ($new) {
|
|
|
|
|
$ret = $this -> cnx -> add($entry);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$ret = $entry -> update();
|
|
|
|
|
}
|
|
|
|
|
|
2008-04-25 15:48:12 +02:00
|
|
|
|
if (Net_LDAP2::isError($ret)) {
|
2007-11-15 19:07:24 +01:00
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(5,$dn);
|
2008-05-15 14:49:03 +02:00
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(0,'NetLdap-Error : '.$ret->getMessage());
|
2007-11-15 19:07:24 +01:00
|
|
|
|
}
|
|
|
|
|
else {
|
2008-05-15 12:01:59 +02:00
|
|
|
|
if (!empty($dropAttr)) {
|
|
|
|
|
foreach($dropAttr as $attr) {
|
|
|
|
|
$entry -> delete($attr);
|
|
|
|
|
}
|
|
|
|
|
$ret = $entry -> update();
|
|
|
|
|
if (Net_LDAP2::isError($ret)) {
|
2008-05-15 14:49:03 +02:00
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(6);
|
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(0,'NetLdap-Error : '.$ret->getMessage());
|
2008-05-15 12:01:59 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
2007-11-15 19:07:24 +01:00
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(4);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-02-05 17:11:21 +01:00
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Test de bind
|
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Cette methode établie une connexion à l'annuaire Ldap et test un bind
|
|
|
|
|
* avec un login et un mot de passe passé en paramètre
|
2008-02-05 17:11:21 +01:00
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @retval boolean true si la connection à réussi, false sinon
|
2008-02-05 17:11:21 +01:00
|
|
|
|
*/
|
|
|
|
|
function checkBind($dn,$pwd) {
|
2008-02-12 18:59:44 +01:00
|
|
|
|
$config = $this -> config;
|
|
|
|
|
$config['binddn'] = $dn;
|
|
|
|
|
$config['bindpw'] = $pwd;
|
2008-04-25 15:48:12 +02:00
|
|
|
|
$cnx = Net_LDAP2::connect($config);
|
|
|
|
|
if (Net_LDAP2::isError($cnx)) {
|
2008-02-05 17:11:21 +01:00
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-12 18:59:44 +01:00
|
|
|
|
/**
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* Retourne l'état de la connexion Ldap
|
2008-02-12 18:59:44 +01:00
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @retval boolean True si le serveur est connecté, false sinon.
|
2008-02-12 18:59:44 +01:00
|
|
|
|
*/
|
|
|
|
|
function isConnected() {
|
|
|
|
|
return ($this -> cnx == NULL)?false:true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Supprime un objet de l'annuaire
|
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @param[in] string DN de l'objet à supprimer
|
2008-02-12 18:59:44 +01:00
|
|
|
|
*
|
2008-04-25 16:09:27 +02:00
|
|
|
|
* @retval boolean True si l'objet à été supprimé, false sinon
|
2008-02-12 18:59:44 +01:00
|
|
|
|
*/
|
|
|
|
|
function remove($dn) {
|
2008-07-29 16:23:47 +02:00
|
|
|
|
$ret = $this -> cnx -> delete($dn,array('recursive' => true));
|
|
|
|
|
if (Net_LDAP2::isError($ret)) {
|
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(0,'NetLdap-Error : '.$ret->getMessage());
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
2008-02-12 18:59:44 +01:00
|
|
|
|
}
|
2008-02-05 17:11:21 +01:00
|
|
|
|
|
2008-07-29 15:45:02 +02:00
|
|
|
|
/**
|
|
|
|
|
* D<EFBFBD>place un objet LDAP dans l'annuaire
|
|
|
|
|
*
|
|
|
|
|
* @param[in] $old string Le DN actuel
|
|
|
|
|
* @param[in] $new string Le futur DN
|
|
|
|
|
*
|
|
|
|
|
* @retval boolean True si l'objet a <EFBFBD>t<EFBFBD> d<EFBFBD>plac<EFBFBD>, false sinon
|
|
|
|
|
*/
|
|
|
|
|
function move($old,$new) {
|
2008-07-29 16:23:47 +02:00
|
|
|
|
$ret = $this -> cnx -> move($old,$new);
|
|
|
|
|
if (Net_LDAP2::isError($ret)) {
|
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(7);
|
|
|
|
|
$GLOBALS['LSerror'] -> addErrorCode(0,'NetLdap-Error : '.$ret->getMessage());
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
2008-07-29 15:45:02 +02:00
|
|
|
|
}
|
2007-03-29 18:10:14 +02:00
|
|
|
|
}
|
|
|
|
|
|
2007-11-15 19:07:24 +01:00
|
|
|
|
?>
|